PT-2020-15243 · Palo Alto Networks · Pan-Os

Chris Ganas · Published 2020-05-13 · Updated 2020-05-14 · CVE-2020-2017

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PAN-OS versions prior to 7.1.26
PAN-OS versions prior to 8.1.13
PAN-OS versions prior to 9.0.6
PAN-OS 8.0 (all versions)

Description

A DOM-Based Cross Site Scripting issue exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions.

Recommendations

For PAN-OS versions prior to 7.1.26, update to version 7.1.26 or later.
For PAN-OS versions prior to 8.1.13, update to version 8.1.13 or later.
For PAN-OS versions prior to 9.0.6, update to version 9.0.6 or later.
For PAN-OS 8.0, consider upgrading to a later version of PAN-OS that is not affected by this issue.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-2017

Affected Products

Pan-Os